New WordPress hack/virus | WordPress.org

dev22
(@dev22)

11 years ago

i am using wordpress 3.5.1 and lately my site was hacked (18/4).

as a result my site stopped completely loading returning blank page.

i found new folder in wp-content/plugins called “tv1”. it contains 3 files

class-wp-importer-cron.php
mod_system.php
tumblr-importer.php

this is the actual hack, especially file “mod_system.php”. it is chmoded to CHMOD 200 so you cant normally view it. after changing chmod you can view the file and you see actual virus which basically does lot of nasty thing with the whole server.

code here: http://pastebin.com/wFC0xhEC

i didnt analyze it all as it has 68 kB of code in it but it hacks your admin user for sure and also creates shell to access your server.

i would appreciate if someone could fix this ASAP as it is very serious bug or at least point me in direction what is causing this.

i am really annoyed by fixing my wordpress every 2 months for new viruses and malware…

Viewing 1 replies (of 1 total)

esmi
(@esmi)

11 years ago

You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Anything less will probably result in the hacker walking straight back into your site again.

Additional Resources:
Hardening WordPress
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html

Viewing 1 replies (of 1 total)

The topic ‘New WordPress hack/virus’ is closed to new replies.

Tags

malware

In: Fixing WordPress
1 reply
2 participants
Last reply from: esmi
Last activity: 11 years ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics